The new data protection law: new challenges for companies

After years without any substantial changes, the data protection law, against the backdrop of technological and social changes, now faces a radical transformation –both within the EU and in Switzerland.

The new EU General Data Protection Regulation

Unlike the previous EU Data Protection Directive 95 / 46 / EC, the new EU General Data Protection Regulation immediately takes effect in all 28 EU member states, becoming applicable as of 25 May 2018. This new law enhances the transparency of data processing and expands the rights of the persons concerned. Additionally, infringements will be sanctioned by substantial penalties.

Significance for Switzerland

Not only does the EU General Data Protection Regulation apply to EU-based companies; it also directly affects foreign companies whose offer is aimed at a certain national market in the EU, or whose data processing serves to observe the behavior of persons in the EU.

Switzerland will align with the EU General Data Protection Regulation, with the objective of, inter alia, again receiving an adequacy decision from the European Commission, paving the way for trans-border data flows with the EU.

Revision of the Swiss Federal Act on Data Protection

In view of the new data protection law in the EU, the Swiss Federal Act on Data Protection is also being revised. On 21 December 2016, the Swiss Federal Council submitted the draft bill for consultation.

This publication provides a first overview of the key changes of the new data protection law – through a direct comparison between the new EU General Data Protection Regulation, the currently applicable Swiss Federal Act on Data Protection, and the preliminary draft for the new Swiss Federal Act on Data Protection.